The field of the invention is that of radio-communication systems and particularly, but not exclusively, systems like the GSM system (Global System for Mobile communications) and the DCS 1800 system (Digital Cellular System).
Generally speaking, in a system of the above kind the user communicates via a mobile station consisting of a mobile terminal that co-operates with a subscriber identification module (SIM) usually called a SIM card.
Recommendation GSM 11.11 specifies that data relating to services offered by radiocommunication networks should be stored in memory areas on the SIM card, in like manner to subscriber identification data.
The European Telecommunication Standard (ETS) defines the interface between the subscriber identification module and the mobile terminal.
According to recommendations GSM 11.11 and 11.14, a set of commands is employed relating to use of the SIM card, known as the SIM Application Toolkit and referred to below as the SIM command set.
The SIM command set combines a set of applications and associated procedures that can be used during communication sessions between a mobile terminal and an associated SIM card.
The SIM card is generally a smart card for personalizing the mobile station. It is necessary to personalize the mobile station in the case of portable mobile terminals with a high risk of loss or theft, which can lead to fraudulent misuse.
The solution offered to users to limit the risk of fraudulent misuse is to employ a removable SIM card that the user can remove from the mobile terminal whenever he or she is separated from it. With no SIM card, the mobile terminal offers only a limited number of types of call, in particular calls to emergency services.
However, this measure is not a complete solution to the problem. It is still possible for an unauthorized person in possession of a mobile terminal to simulate the SIM card normally associated with it for the purpose of fraudulent misuse of the mobile terminal, possibly after intercepting messages regularly interchanged between the mobile terminal and the SIM card.
This type of fraudulent misuse has been a particular threat since the introduction of so-called xe2x80x9cprepaidxe2x80x9d cards. After the (fraudulent) recognition that a station contains a card of this kind, there is no restriction on use of the station because the call time is deemed to be charged to the prepaid account included on the card. The situation is similar in the case of prepaid accounts charged from a prepaid card (the fraud then being the charging of the account).
The present invention aims to propose a solution to the above problem intended to make any kind of fraud so difficult that it becomes improbable.
To this end, the invention therefore consists in a method of transferring information between a subscriber identification module and a mobile terminal constituting a station of a radiocommunication system. In accordance with the invention at least some of the information transferred between said module and said terminal is protected by encryption by means of a key used in said module and in said terminal. The key is defined, at least in part, by periodically-varying data of the system.
In accordance with the invention, the periodically-varying data is a clock function specific to the radio-communication system.
Also, said key is preferably at least partly defined by other data specific to the mobile station.
The data defining said key is preferably combined in said module and in said terminal on the occasion of each transfer of information protected by encryption.
The invention also consists in a mobile terminal and a SIM card respectively adapted to apply said encrypted information transfer method.